Enhanced alignment, broader culture for stronger cyber defenses

����ý Insight’s Cybersecurity Series kicks off with discussions on securing organizations

By Krystal Anjela H. Gamboa

As digital innovation becomes an imperative in businesses across the Philippines and the risks that accompany have never been more sophisticated, implementation of cybersecurity becomes critical. Whether it may be a multimillion corporation or a small or medium enterprise, businesses have to equip themselves against cyber threats.

Recognizing the need for heightened awareness about cyber threats and wider understanding about cybersecurity, ����ý, together with the Cybersecurity Council of the Philippines (CSCP), has spearheaded a series of ����ý Insights fora, kicking off with a discussion on “Fortifying Cybersecurity Among Organizations” last Aug. 22 at the SEDA Manila Bay Hotel in Pasay City.

The series is part of ����ý’s and PhilSTAR Media Group’s advocacy campaign that aims to forge partnerships between the government and businesses for better cybersecurity legislation; to educate the public on cybercrime prevention; and to increase awareness among sectors of the importance of cybersecurity.

“We are raising a call for a nation more empowered to defend itself against cyberthreats and cybercriminals. Cybersecurity is not solely a concern of our IT teams, but rather a foundational business imperative and a shared national responsibility,” ����ý’s Executive Vice-President Lucien C. Dy Tioco said in his welcome address.

CSCP Founding Chairman Donald Patrick L. Lim shared the same sentiments in his keynote, noting that cybersecurity is becoming the backbone of governance and corporate survival as businesses integrate advanced technology into their operations.

“There is no gray area. It’s either you’re secure or not secure,” he said.

The forum gathered business, technology, and cybersecurity experts to identify the top cybersecurity threats businesses face today and to explore the strategies that can be employed in response to these threats.

The rise of cyberthreats

As the workplace is no longer confined to office cubicles and desktop computers, there has been an ever-expanding network growth in today’s hybrid setups. If not protected, these connections can be exploited by cybercriminals.

“Attackers are no longer breaking in, they are just logging in,” Alexis Bernardino, Field CISO and Cybersecurity Product Head at ePLDT and PLDT Enterprise, stressed during the first panel discussion.

Such cyberattacks have risen dramatically in recent years. As technology evolves, so does the crimes. What used to be simple viruses have evolved into highly organized and well-funded operations. Hence, companies can no longer afford to treat cybersecurity as an afterthought. One breach can wipe out years of hard work, drain finances, and destroy reputations.

As the Philippines accelerates its digital transformation — from embracing cloud platforms, e-wallets, to online government services — the country has also become a growing target. Ransomware has evolved into an industry of its own. Insider threats continue to undermine security from within.

“You don’t ask what you will do if you get breached, but what you will do when you get breached,” Chito Jacinto, president of the Information Security Officers Group (ISOG), emphasized.

On public-private collaboration

No one can stand alone against the speed of today’s cyber threats. Public and private collaboration extends beyond crisis response. It also involves long-term capacity-building such as joint training programs, research funding, and policy development.

While private sectors contribute expertise and resources, the government can craft frameworks that incentivize compliance and penalize negligence.

Police Colonel Jay Guillermo, chief of the Cyber Response Unit of the Philippine National Police Anti-Cybercrime Group, heeded the needed teamwork.

“We need a collaboration between private organizations and law enforcement. Investigations and police work are reactive,” he said. “Cybersecurity needs to be proactive.”

For workplaces, this will translate into strengthened protections: businesses gain access to more reliable security services and better-prepared employees. The government, then, will benefit from private sectors that are aligned with national cybersecurity goals.

Ultimately, in a digital economy where threats recognize no borders or industries, the only defense that is most effective is one built on trust and cooperation across sectors. This dual approach ensures that efforts are not fragmented, but sustainable.

Integrating AI into defenses

With its continuing relevance, artificial intelligence (AI) is positioned as a powerful defender. Since it can analyze billions of data in real time, it can flag unusual behavior such as suspicious logins or abnormal file transfers. Additionally, with its predictive systems feature, it can anticipate incoming attacks by studying existing patterns, reducing response times.

Yet, AI can also be a weapon for attackers. Cybercriminals have been utilizing it to craft phishing emails, generate deepfake voices, and deploy bots that test passwords or scan systems for vulnerabilities at scale.

“Every access point in your infrastructure is a valid entry point for cyber breaches,” Mr. Bernardino lamented. “They don’t even have to be sophisticated attacks, but simple attacks like email phishing and scams. What more with sophisticated AI?”

There had been calls for the government to pass legislations to protect the digital infrastructure, particularly in the usage of AI. As Mr. Jacinto of ISOG stated, “We don’t see much of an improvement in terms of implementation right now. The capabilities of the Data Privacy Act are not sufficient or clear enough.”

The urgency is clear: as more workplaces adopt AI and expand digital operations, legislations must also evolve just as fast. Without laws, businesses will remain vulnerable, and public trust in digital transformation could be compromised.

Cybersecurity culture

Despite advanced firewalls, AI-driven detection systems, and encryption protocols, the biggest vulnerability remains human error.

To counter this, organizations are now recognizing that cybersecurity is not simply a technical issue, but a cultural one. Assessing a workforce’s knowledge and capacity with cybersecurity and equipping them with the knowledge will be key, as PwC Philippines Risk Services — Cybersecurity and Privacy Executive Director Mark Anthony Almodovar noted.

“Rather than saying people are the weakest links, think of people as the most important assets. Test your people. If you don’t test your people, they will not be able to protect against what is new to them,” he said during the second panel discussion.��

Companies have been investing in cybersecurity training for their employees to equip them with knowledge to identify and respond to such risks, as GCash Chief Information Security Officer Miguel Geronilla shared.

“Having a security-first mindset means always thinking of security every day,” he said. “We must be secure by default, and that means being able to do secure practices on our own. It’s not about the usual awareness, but embedding it into everyday practices.”

Carmelo Rondain Alcala, a board of trustee of ISACA Manila Chapter, reiterated the four attributes of control, which organizations should couple with their people upskilling efforts.

“Policies and procedures, configurations, monitoring, reporting — without these four attributes of control, your cybersecurity is weak,” Mr. Alcala said.

Such actions must involve education and awareness, where said training sessions keep the employees alert. Clear policies should also be held where leaders must be set as an example.

By cultivating a culture of vigilance, alongside investing in advanced technologies and preparations for inevitable threats, organizations can safeguard their digital frontlines and so gain more confidence to thrive in more digital world.

“Cybersecurity is only as tough as the people using them. This is why culture matters, from the CEO down. It’s not simply a boardroom topic,” CSCP Executive Director and Co-Founder Julian Louie Singson shared in his closing remarks synthesizing the discussions.

As the future brings new technology-driven opportunities, cyber threats will also come along. A secure digital environment has become more vital for organizations to gain trust from stakeholders and to build resiliency within. This calls for enhanced initiatives within organizations for firmer public-private alignment among stakeholders, stronger data protection across departments, and wider cybersecurity culture in the workplace.

Two more fora are under way for ����ý Insight’s Cybersecurity Series, followed by a culminating Cybersecurity Summit in March next year.

This ����ý Insights forum was presented by ����ý Corp. and GCash, in partnership with the Cybersecurity Council of the Philippines, sponsored by PLDT, and supported by the Asian Consulting Group, American Chamber of Commerce of the Philippines, British Chamber of Commerce of the Philippines, Bank Marketing Association of the Philippines, CCI France Philippines, the Information Security Officers Group, Management Association of the Philippines, Philippine Chamber of Commerce and Industry, Philippine Franchise Association, Philippine Retailers Association, with official media partner The Philippine STAR.